While we’re sunny ourselves on holiday sitting by the pool or having some well-deserved timeout with our families, hackers are still working.
The US Cybersecurity and Infrastructure Agency (CISA) and the FBI have released a warning for critical infrastructure providers to stay on guard at holiday times. And that warning was ahead of the recent US Thanksgiving holiday last Thursday. Because hackers just don’t let up, and aren’t taking a break during holiday season.
In August, which is Labor Day weekend in America, the agency issued a similar warning. Why? Because many a time ransomware attackers will launch attacks on holidays and weekends, especially when businesses are closed.
To clarify, CISA and the FBI say “recent history tells us that this could be a time when these persistent cyber actors halfway across the world are looking for ways—big and small—to disrupt the critical networks and systems belonging to organizations, businesses, and critical infrastructure.
The agencies explain that some of the worst ransomware attacks happened on holidays and weekends such as Mother’s Day and Independence Day. But they hadn’t come across a specific threat to be wary of.
Ahead of the holiday season, Thanksgiving, Christmas & New Year celebrations the agencies suggest preparing for potential attacks. So, to minimise the risk of attack over these holidays they’ve outlined several key steps organisations can make, see below:
- identifying key IT security staff who could handle a surge in work after a ransomware attack
- implementing multi-factor authentication for remote access and administrative accounts
- educate your business on the importance of cybersecurity
- enforcing strong passwords and avoiding password reuse
- ensuring RDP is secure and monitored
- and reminding employees not to click on suspicious links
It’s also a good idea for organisations to review their incident response measures and procedures, just encase. That way if an organisation does fall victim to a ransomware attack, it will “reduce the risk of severe business/functional degradation.” If you have a current incident response in place, the document “should list actions to take—and contacts to reach out to—should your organization be impacted by a ransomware incident.”
As a result of their findings, both CISA and the FBI warn users and organisation to take immediate action and put these steps in place before the holiday season begins. And that’s to protect ourselves against any threat.
The agencies detail the occurrence of US public holidays that have several major ransomware attacks that aligned with them.
- Mother’s Day weekend, May 2021 – a ransomware gang deployed DarkSide ransomware against Colonial Pipeline. Once the Darkside hackers got into the victim’s network firstly they deployed ransomware to encrypt victim data. Secondly, they exfiltrated the data to have a secondary form of extortion. So that way they could threaten to publish the data as a way to ensure the ransom demand was paid.
- Memorial Day weekend, May 2021 – meatpacker JBS was struck by a Sodinokibi/REvil ransomware attack . This incident effected Australian and US meat production and resulted in a complete halt in production.
- Fourth of July holiday weekend, July 2021 – Sodinokibi/REvil ransomware actors attacked Kaseya’s remote monitoring and management tool.
These attacks have been attributed to suspected Russian-based hackers. However, Microsoft last week warned that state-sponsored hackers from Iran are on the move, increasing their usage of ransomware to prey on victims. And the UK, US and Australian called out Iranian attackers for exploiting known flaws in Fortinet’s VPN and Microsoft Exchange to deploy ransomware.
Before you head out of the office for your next sun filled holiday ensure you’ve ticked off on the several recommendations from the agency.
